?
Solved

Torrent download = endless Portscans?  Help me please!

Posted on 2009-04-22
3
Medium Priority
?
870 Views
Last Modified: 2013-11-21
Dear EE,

1.)  I have an Astaro ASG220 firewall defending my corporate network.  However, my question is not specific to Astaro's.

2.)  I run the premium (pay version) of AVG 8.5 on my laptop.  I had to disable the software firewall because it conflicted with Appriver hosted exchange.  So I'm using AVG 8.5 without any software firewall.  

3.)  THE PROBLEM:  Everytime anybody on my LAN starts a torrent download - I receive an endless stream of 'portscans' warnings from the Astaro that lists the host's IP address the portscans are coming from.  I just started a 7-hour torrent for Fedora-10-x86_64-CDs (something I would expect to be clean) that I simply must download for tomorrow - no excuses.  You guessed it - the instant I started the download - the Astaro starts sending me portscan warnings.  Super frustrating!  How is it possible that every torrent is "infected" with a portscan viruses?

4.)  MAIN QUESTION:  What precautions can I make to neutralize portscans prior, during, after a torrent download?  How do you neutralize active portscans - without killing a critical download?

5.)  FYI:  It has been roughly (100) minutes since I began the download - I have transmitted over (300) portscans from my laptop that my Astaro has warned on.

6.)  PEOPLE WITHOUT HARDWARE FIREWALLS THAT LIKE TORRENT:  Take it from me - lately - ALL torrents are infected with portscans.  Yes ALL of them.  I don't pretend to know why or how.  My point is only that you should pay attention to the steps to neutralize portscans even though you don't have a firewall confirming that you're sending portscans.  Be careful.

Thanks
0
Comment
Question by:buymycorp
  • 2
3 Comments
 
LVL 8

Expert Comment

by:Bradley Haynes
ID: 24208041
Some torrent sites have various ports they use to transfer files. To determine what port you have listening a scan may be done.
In your Firewall you can make a specific exception for the application/torrent client.
Also set up a DMZ so you can "Clean" all the torrents downloaded before they are injected into your production network.
0
 

Author Comment

by:buymycorp
ID: 24215685
The torrent was finished when I arrived back at work this morning.  The finished Fedora_10 cd's were in my torrents\completed folder.  I erased & removed the torrent from the Utorrent client before closing the Utorrent client.  I then burned my (6) CD's and then DELETED EVERYTHING to do with the torrent and downloaded files.

 I'm still receiving portscan warnings from the Astaro every 2 or 3 mintues!!!!  Luckily I have Appriver and they have no mailbox limit!  My mailbox had 1,600 warning emails this morning .  


Again, I don't want to know how to dumb-down my Astaro.  I want to know how to neutralize this portscan.  I'm going to reboot and see if that helps.    
0
 
LVL 8

Accepted Solution

by:
Bradley Haynes earned 1500 total points
ID: 24216623
What OS are you running?
Also, set the torrent client to one port and create a tunnel thru the router to that port.
Create a rule in the firewall for that port to allow traffic. If you can limit the time window to the hours that you know ppl will be using their torrent client.
 
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the past decade, as Internet security has become a chief concern of IT professionals, one of the most common questions administrators and users ask is, “Which is more secure, SFTP or FTPS?” In short, both file transfer protocols offer a high…
With the withdrawal of support for Windows Server 2003 this summer, many clients face the issue of moving away from their 2003 installs. There are a few options out there that many people/companies are selling. But the clients I have, haven't wanted…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses
Course of the Month17 days, 5 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question